| ||
| Removing Hacking tools I have just run pandasoftware scan on my computer www.pandasoftware.com & it has told me that I have spyware, hacking tools & potentially unwanted tools & 1 dialler :eek: Anyone know of a good software to remove this? :mad: PS: I have Windows Defender but it hasn't detected them. :rolleyes: |
| ||
| Re: Removing Hacking tools From your last hijackthis log we didn't see any hacking tools. The dialer is supposed to try to use your dial-up modem every time you turn the computer on. Has that happened? There are two possibilities: 1. they are on your computer but they are not active, just stored on the hard drive in some location. 2. the panda software is wrong. Does it say which are the infected files? |
| ||
| Re: Removing Hacking tools I don't normally look at the dialling number when I connect to the internet so I cannot say if it has happened, I assume that it's my ISP connecting, however, it's quite unlikely. I think you are right, it's sitting somewhere in my hard drive but how do I locate it? I don't know if Panda is wrong! But thank you for your feedback. |
| ||
| Re: Removing Hacking tools Can you post the results of the Panda scan? That report could give us some details of what infections you have and where they are located.

Also- For a more thorough check of your system, you can do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Download and install the following utilities:
  - Windows Defender - http://www.microsoft.com/downloads/d...displaylang=en
  - CCleaner - www.ccleaner.com
  - ewido Anti-malware - http://www.ewido.net/en/download/

  When installing ewido, under "Additional Options" uncheck..
  ewido manual updates
  Don't run a scan with ewido yet; just close the program once the updates are installed.
* Open your anti-virus program and check for/install the most current updates. Again- don't run a scan; just close the program once the updates are installed.
* Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) and:
* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
* Run CCleaner.
  - Go to Options-> Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  - Go to Options>CustomFolders>Add Folder>Navigate to these folders (click on bold file once and hit OK):
    * C:\Windows\Temp
    * C:\Windows\Prefetch
    * C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ (This will delete all your cached internet content including cookies.)
    * C:\Documents and Settings\<Your Profile>\Local Settings\Temp
    * C:\Documents and Settings\<any other user's Profile>\Local Settings\Temporary Internet Files
    * C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temp
    * C:\Documents and Settings\<Your Profile>\Cookies
    * C:\Documents and Settings\<Any other users Profile>\Cookies

    Hit OK
  - In left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders
  - Click on Run Cleaner. It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.
* Run a full system scan with your anti-virus utility, and then run Windows Defender and ewido; have the programs fix all malicious items they find. When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK. Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.
* Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated. |
| ||
| Re: Removing Hacking tools OK, I will do that but this is the Panda report for now (but now I'm running another spyware program, I'll send you the details) This is the Panda report:

| Incident | Status | Location |
|---|---|---|
| Potentially unwanted tool:application/regclean32 | Not disinfected | C:\Documents and Settings\Kiana\Desktop\Registry Cleaner.lnk |
| Adware:adware/dyfuca | Not disinfected | Windows Registry |
| Spyware:spyware/searchcentrix | Not disinfected | Windows Registry |
| Dialer:dialer.db | Not disinfected | hkey_current_user\software\Matrix_HTML |
| Adware:adware/otx | Not disinfected | Windows Registry |
| Potentially unwanted tool:application/myway | Not disinfected | hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76} |
| Adware:adware/ist.yoursitebar | Not disinfected | Windows Registry |
| Potentially unwanted tool:application/altnet | Not disinfected | hkey_local_machine\software\classes\ADM25.ADM25.1 |
| Adware:adware/wupd | Not disinfected | Windows Registry |
| Adware:adware/mshtmpre | Not disinfected | Windows Registry |
| Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@ad.yieldmanager[2].txt |
| Spyware:Cookie/Adrevolver | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@adrevolver[1].txt |
| Spyware:Cookie/Apmebf | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@apmebf[2].txt |
| Spyware:Cookie/bravenetA | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@bravenet[1].txt |
| Spyware:Cookie/Serving-sys | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@bs.serving-sys[2].txt |
| Spyware:Cookie/Casalemedia | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@casalemedia[2].txt |
| Spyware:Cookie/Clickbank | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@clickbank[1].txt |
| Spyware:Cookie/RealMedia | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@realmedia[1].txt |
| Spyware:Cookie/Serving-sys | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@serving-sys[1].txt |
| Spyware:Cookie/Statcounter | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@statcounter[2].txt |
| Spyware:Cookie/Reliablestats | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@stats1.reliablestats[1].txt |
| Spyware:Cookie/WebPower | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@webpower[1].txt |
| Spyware:Cookie/WinFixer | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@winfixer[2].txt |
| Spyware:Cookie/myaffiliateprogram | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@www.myaffiliateprogram[2].txt |
| Spyware:Cookie/Xiti | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@xiti[1].txt |
| Spyware:Cookie/Xmts | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@xmts[1].txt |
| Spyware:Cookie/Zedo | Not disinfected | C:\Documents and Settings\Kiana\Cookies\kiana@zedo[1].txt |
| ||
| Re: Removing Hacking tools This is the report from Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 11:11:15, on 25/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Kiana\LOCALS~1\Temp\Rar$EX05.062\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/slv/ycheck/as...om/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ntl:home
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\RegClean.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125426848903
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9A42912-7F3C-4D13-ADF4-233B9686FF8B}: NameServer = 212.67.96.129 212.67.120.148
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe |
| ||
| Re: Removing Hacking tools I might be wrong but I believe SPYBOT can solve these problems. You can download it from this link: http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1 Try it and let me know the result. Cheers, |
| ||
| Re: Removing Hacking tools Thank you, that's another one to try! I have so many to download now......My computer will be squeaky clean.... |
| ||
| Re: Removing Hacking tools The Panda log you posted appears to be just a scan; it doesn't indicate that it actually cleaned anything. If you didn't choose to have Panda disinfect when it scans, do the scan again, making sure that the "autoclean" box is checked. Post the new Panda scan results and a new HJT log (do the HJT scan after the Panda scan). |
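
The following is an added example, not part of any post in this thread: a small Python triage helper that splits a HijackThis log into its section codes and cross-references the entries against detection names from a scanner report, using a few lines excerpted from the two logs posted above. The function names and the keyword-matching heuristic are assumptions made for illustration; a match only points at an entry worth inspecting.

```python
import re
from collections import defaultdict

# Meaning of the HijackThis section codes used in the sample below.
SECTIONS = {
    "O4": "autostart program (Run key / Startup folder)",
    "O16": "ActiveX object in Downloaded Program Files",
    "O20": "Winlogon Notify DLL",
}
ENTRY = re.compile(r"^([RFO]\d{1,2}) - (.+)$")

# Lines excerpted from the HijackThis log posted in the thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\RegClean.exe"
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""
# Detection names excerpted from the Panda report posted in the thread.
PANDA_SAMPLE = ["application/regclean32", "adware/otx", "adware/dyfuca", "application/myway"]

def parse_hjt(text):
    """Group log entries by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def keyword(detection):
    """'application/regclean32' -> 'regclean' (family name, trailing digits dropped)."""
    return re.sub(r"\d+$", "", detection.split("/")[-1].lower())

def correlate(sections, detections):
    """Return (detection, code, entry) where the entry text contains the family keyword."""
    hits = []
    for det in detections:
        kw = keyword(det)
        for code, entries in sections.items():
            hits += [(det, code, e) for e in entries if kw in e.lower()]
    return hits

if __name__ == "__main__":
    for det, code, entry in correlate(parse_hjt(HJT_SAMPLE), PANDA_SAMPLE):
        print(f"{det}: {code} [{SECTIONS.get(code, 'other')}] {entry}")
```

Detections reported only as "Windows Registry" with no matching log entry, such as adware/dyfuca here, produce no hit and still need the scanner's own cleanup pass.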